/**
 * {@inheritDoc}
 *
 * <p>Yields the principal name carried by the supplied context, or {@code null} when no
 * context is supplied.</p>
 */
@Override
@Nullable
public String apply(@Nullable final SubjectContext input) {
    // A missing context is reported as null rather than an error; callers must handle that.
    return input == null ? null : input.getPrincipalName();
}
/**
 * {@inheritDoc}
 *
 * <p>Attaches a newly built {@link SubjectContext} carrying {@code canonicalPrincipalName}
 * to the profile request context.</p>
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final SubjectContext freshSubject = new SubjectContext();

    // The name is stored as-is; this method performs no null or consistency check on it.
    freshSubject.setPrincipalName(canonicalPrincipalName);

    // NOTE(review): the 'true' flag presumably replaces any SubjectContext already attached,
    // dropping its principal name and results -- confirm against addSubcontext's contract.
    profileRequestContext.addSubcontext(freshSubject, true);
}
/**
 * Gather the Subject of every AuthenticationResult associated with the context
 * and hand them back as an immutable list.
 *
 * @return immutable list of Subjects
 */
@Nonnull
@NonnullElements
@Unmodifiable
@NotLive
public List<Subject> getSubjects() {
    final List<Subject> gathered = new ArrayList<>();

    for (final AuthenticationResult result : getAuthenticationResults().values()) {
        gathered.add(result.getSubject());
    }

    // The copy is a snapshot: later changes to the result map are not reflected in it.
    return ImmutableList.copyOf(gathered);
}
/**
 * {@inheritDoc}
 *
 * <p>Binds {@code canonicalPrincipalName} to the {@link SubjectContext} and merges the
 * authentication results into it. If the context already names a different principal,
 * an {@code INVALID_SUBJECT_CTX} event is built, the context's principal name and results
 * are left as they were, and the completion instant is not set.</p>
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext) {

    // Without a canonical name there is nothing to bind; only the completion time is recorded.
    if (canonicalPrincipalName == null) {
        authenticationContext.setCompletionInstant();
        return;
    }

    final SubjectContext subject = profileRequestContext.getSubcontext(SubjectContext.class, true);
    final String existingName = subject.getPrincipalName();

    // Guard against subject switching: a fresh authentication result must not silently
    // overwrite a different principal that is already established in the context.
    if (existingName != null && !canonicalPrincipalName.equals(existingName)) {
        log.warn("{} Result of authentication ({}) does not match existing subject in context ({})",
                getLogPrefix(), canonicalPrincipalName, existingName);
        ActionSupport.buildEvent(profileRequestContext, IdPEventIds.INVALID_SUBJECT_CTX);
        return;
    }

    subject.setPrincipalName(canonicalPrincipalName);

    // NOTE(review): raw Map kept as in the original; parameterizing it would restore
    // compile-time type checks on the putAll/put calls below.
    final Map merged = subject.getAuthenticationResults();
    merged.putAll(authenticationContext.getActiveResults());

    // The newest result is added only if no entry exists yet under its flow ID.
    final AuthenticationResult newest = authenticationContext.getAuthenticationResult();
    if (newest != null && !merged.containsKey(newest.getAuthenticationFlowId())) {
        merged.put(newest.getAuthenticationFlowId(), newest);
    }

    authenticationContext.setCompletionInstant();
}
/**
 * {@inheritDoc}
 *
 * <p>Removes the {@link SubjectCanonicalizationContext} from the profile request context and
 * stores {@code principalName} in its {@link SubjectContext}.</p>
 */
protected void doExecute(final ProfileRequestContext profileRequestContext) {
    // The canonicalization state is dropped before the subject is written.
    profileRequestContext.removeSubcontext(SubjectCanonicalizationContext.class);

    // NOTE(review): the 'true' flag presumably creates the SubjectContext when absent -- confirm.
    // An existing principal name is overwritten without being compared to the new one.
    profileRequestContext.getSubcontext(SubjectContext.class, true).setPrincipalName(principalName);
}
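/**
 * {@inheritDoc}
 *
 * <p>Collects the values that {@code attributesValueFunction} produces for every Principal of
 * every Subject in the {@link SubjectContext} found by {@code scLookupStrategy}.</p>
 *
 * @param prc the profile request context handed to the lookup strategy
 * @return the collected values, or {@code null} if no SubjectContext is located or no
 *         values are produced
 */
@Override
@Nullable
public List<IdPAttributeValue<?>> apply(@Nullable final ProfileRequestContext prc) {
    final SubjectContext cs = scLookupStrategy.apply(prc);
    if (cs == null) {
        // The lookup can come back empty; report "no values" instead of failing with an NPE.
        log.debug("{} Could not locate SubjectContext", getLogPrefix());
        return null;
    }

    final List<IdPAttributeValue<?>> results = new ArrayList<>(1);
    for (final Subject subject : cs.getSubjects()) {
        for (final Principal principal : subject.getPrincipals()) {
            final List<IdPAttributeValue<?>> values = attributesValueFunction.apply(principal);
            if (values != null && !values.isEmpty()) {
                results.addAll(values);
            }
        }
    }

    if (results.isEmpty()) {
        log.info("{} generated no values, attribute no resolved.", getLogPrefix());
        return null;
    }

    log.debug("{} Generated {} values.", getLogPrefix(), results.size());
    // The second placeholder was missing, so the values were never written. Trace output now
    // contains the attribute values themselves; keep this level off where they are sensitive.
    log.trace("{} Values: {}", getLogPrefix(), results);
    return results;
}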
/**
 * {@inheritDoc}
 *
 * <p>Yields the impersonating principal name carried by the supplied context, or
 * {@code null} when no context is supplied.</p>
 */
@Override
@Nullable
public String apply(@Nullable final SubjectContext input) {
    // A missing context is reported as null rather than an error; callers must handle that.
    return input == null ? null : input.getImpersonatingPrincipalName();
}
// Copy the principal name held by the session object into the SubjectContext.
subjectCtx.setPrincipalName(session.getPrincipalName());
log.warn("{} Could not locate SubjectContext", getLogPrefix()); } else { final List<Subject> subjects = sc.getSubjects(); if (null == subjects) { log.warn("{} Could not locate Subjects", getLogPrefix());
/**
 * Return the principal name of the {@link SubjectContext} that serves as this object's principal.
 *
 * @return the principal name read from the SubjectContext
 */
@Override
public String getName() {
    // NOTE(review): unchecked cast -- a principal of any other type fails with
    // ClassCastException, and a null principal with NullPointerException.
    return ((SubjectContext) getPrincipal()).getPrincipalName();
}
/**
 * {@inheritDoc}
 *
 * <p>Attaches a newly built {@link SubjectContext} carrying {@code principalName} to the
 * profile request context.</p>
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final SubjectContext freshSubject = new SubjectContext();

    // The name is stored as-is; this method performs no null or consistency check on it.
    freshSubject.setPrincipalName(principalName);

    // NOTE(review): the 'true' flag presumably replaces any SubjectContext already attached,
    // dropping its principal name and results -- confirm against addSubcontext's contract.
    profileRequestContext.addSubcontext(freshSubject, true);
}
// Copy the principal name held by the session object into the SubjectContext.
subjectCtx.setPrincipalName(session.getPrincipalName());
log.debug("{} Could not locate SubjectContext", getLogPrefix()); } else { final List<Subject> subjects = sc.getSubjects(); if (null == subjects) { log.debug("{} Could not locate Subjects", getLogPrefix());
/**
 * {@inheritDoc}
 *
 * <p>Generates a transient identifier from the relying party identifier and the principal
 * name. Returns {@code null} when either input is unavailable or when generation fails.</p>
 */
@Override
@Nullable
protected String getIdentifier(@Nonnull final ProfileRequestContext profileRequestContext)
        throws SAMLException {

    final Function<ProfileRequestContext, String> qualifierLookup = getDefaultSPNameQualifierLookupStrategy();
    String relyingPartyId = null;
    if (qualifierLookup != null) {
        relyingPartyId = qualifierLookup.apply(profileRequestContext);
    }
    if (relyingPartyId == null) {
        log.debug("No relying party identifier available, can't generate transient ID");
        return null;
    }

    final SubjectContext subject = subjectContextLookupStrategy.apply(profileRequestContext);
    final String principal = subject != null ? subject.getPrincipalName() : null;
    if (principal == null) {
        log.debug("No principal name available, can't generate transient ID");
        return null;
    }

    try {
        return transientIdGenerator.generate(relyingPartyId, principal);
    } catch (final SAMLException generationFailure) {
        // The failure is caught here and surfaces only at debug level; the caller just sees
        // null, although the signature still declares SAMLException.
        log.debug("Exception generating transient ID", generationFailure);
        return null;
    }
}
/**
 * {@inheritDoc}
 *
 * <p>Generates a transient identifier from the relying party identifier and the principal
 * name. The effective SP name qualifier is preferred and the default lookup strategy is the
 * fallback. Returns {@code null} when an input is unavailable or when generation fails.</p>
 */
@Override
@Nullable
protected String getIdentifier(@Nonnull final ProfileRequestContext profileRequestContext)
        throws SAMLException {

    // Effective qualifier may override default in the case of an Affiliation.
    // This doesn't really impact transients typically, but for consistency...
    String relyingPartyId = getEffectiveSPNameQualifier(profileRequestContext);
    if (relyingPartyId == null) {
        final Function<ProfileRequestContext, String> fallbackLookup = getDefaultSPNameQualifierLookupStrategy();
        if (fallbackLookup != null) {
            relyingPartyId = fallbackLookup.apply(profileRequestContext);
        }
    }
    if (relyingPartyId == null) {
        log.debug("No relying party identifier available, can't generate transient ID");
        return null;
    }

    final SubjectContext subject = subjectContextLookupStrategy.apply(profileRequestContext);
    final String principal = subject != null ? subject.getPrincipalName() : null;
    if (principal == null) {
        log.debug("No principal name available, can't generate transient ID");
        return null;
    }

    try {
        return transientIdGenerator.generate(relyingPartyId, principal);
    } catch (final SAMLException generationFailure) {
        // The failure is caught here and surfaces only at debug level; the caller just sees
        // null, although the signature still declares SAMLException.
        log.debug("Exception generating transient ID", generationFailure);
        return null;
    }
}
/**
 * {@inheritDoc}
 *
 * <p>Resolves the SubjectContext and SessionContext into the {@code subjectCtx} and
 * {@code sessionCtx} fields. Execution proceeds only when an authentication result exists
 * and either a session is present or the SubjectContext carries a principal name.</p>
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext) {

    // Nothing to do if the parent declines or no authentication result is available.
    if (!super.doPreExecute(profileRequestContext, authenticationContext)
            || authenticationContext.getAuthenticationResult() == null) {
        return false;
    }

    subjectCtx = subjectContextLookupStrategy.apply(profileRequestContext);
    sessionCtx = sessionContextCreationStrategy.apply(profileRequestContext);

    if (sessionCtx == null) {
        log.error("{} SessionContext creation failed", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
        return false;
    }

    // We can only do work if a session exists or a non-empty SubjectContext exists.
    if (sessionCtx.getIdPSession() != null) {
        return true;
    }
    return subjectCtx != null && subjectCtx.getPrincipalName() != null;
}
// NOTE(review): unchecked cast -- a principal of any other type fails here with
// ClassCastException; confirm that every caller supplies a SubjectContext.
final SubjectContext context = (SubjectContext) authentication.getPrincipal();
// Resolve the UserInfo record from the principal name and the client's ID.
final UserInfo user = userInfoService.getByUsernameAndClientId(context.getPrincipalName(), client.getClientId());
// NOTE(review): the message says "Located" but 'user' is not null-checked in the visible
// lines -- verify the lookup cannot return null. The principal name is written to the debug log.
log.debug("Located UserInfo object from principal name {}", context.getPrincipalName());
/**
 * Create a new session for the principal named in {@code subjectCtx} and store it in the
 * SessionContext. The current authentication result is attached to the new session only
 * when the authentication context reports it as cacheable.
 *
 * @param authenticationContext current authentication context
 * @throws SessionException if an error occurs creating the session
 */
private void createIdPSession(@Nonnull final AuthenticationContext authenticationContext)
        throws SessionException {

    // NOTE(review): subjectCtx is dereferenced without a null check here; presumably the
    // pre-execute step guarantees it whenever no session exists -- confirm.
    final String principal = subjectCtx.getPrincipalName();

    log.debug("{} Creating new session for principal {}", getLogPrefix(), principal);
    sessionCtx.setIdPSession(sessionManager.createSession(principal));

    if (authenticationContext.isResultCacheable()) {
        sessionCtx.getIdPSession().addAuthenticationResult(authenticationContext.getAuthenticationResult());
    }
}
}
if (subjectCtx == null || subjectCtx.getPrincipalName() == null) { log.debug("No principal name, can't generate persistent ID"); return null; if (value instanceof ScopedStringAttributeValue) { log.debug("Generating persistent NameID from Scoped String-valued attribute {}", sourceId); return persistentIdStrategy.generate(responderId, relyingPartyId, subjectCtx.getPrincipalName(), ((ScopedStringAttributeValue) value).getValue() + '@' + ((ScopedStringAttributeValue) value).getScope()); return persistentIdStrategy.generate(responderId, relyingPartyId, subjectCtx.getPrincipalName(), (String) value.getValue()); } else {
/**
 * {@inheritDoc}
 *
 * <p>Creates a session when the SessionContext holds none, otherwise updates the existing
 * one. A {@link SessionException} from either path is logged at error level and reported as
 * an {@code IO_ERROR} event.</p>
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext) {

    final IdPSession existing = sessionCtx.getIdPSession();

    if (existing == null) {
        try {
            createIdPSession(authenticationContext);
        } catch (final SessionException createFailure) {
            log.error("{} Error creating session for principal {}", getLogPrefix(),
                    subjectCtx.getPrincipalName(), createFailure);
            ActionSupport.buildEvent(profileRequestContext, EventIds.IO_ERROR);
        }
        return;
    }

    try {
        updateIdPSession(authenticationContext, existing);
    } catch (final SessionException updateFailure) {
        // The session ID is written to the error log together with the exception.
        log.error("{} Error updating session {}", getLogPrefix(), existing.getId(), updateFailure);
        ActionSupport.buildEvent(profileRequestContext, EventIds.IO_ERROR);
    }
}